root/usr/share/firewall4/templates/redirect.uc

   1 {%+ if (redirect.family && !redirect.has_addrs): -%}
   2         meta nfproto {{ fw4.nfproto(redirect.family) }} {%+ endif -%}
   3 {%+ if (!redirect.proto.any && !redirect.has_ports): -%}
   4         meta l4proto {{
   5                 (redirect.proto.name == 'icmp' && redirect.family == 6) ? 'ipv6-icmp' : redirect.proto.name
   6         }} {%+ endif -%}
   7 {%+ if (redirect.device): -%}
   8         oifname {{ fw4.quote(redirect.device, true) }} {%+ endif -%}
   9 {%+ if (redirect.saddrs_pos): -%}
  10         {{ fw4.ipproto(redirect.family) }} saddr {{ fw4.set(redirect.saddrs_pos) }} {%+ endif -%}
  11 {%+ if (redirect.saddrs_neg): -%}
  12         {{ fw4.ipproto(redirect.family) }} saddr != {{ fw4.set(redirect.saddrs_neg) }} {%+ endif -%}
  13 {%+ for (let a in redirect.saddrs_masked): -%}
  14         {{ fw4.ipproto(redirect.family) }} saddr & {{ a.mask }} {{ a.invert ? '!=' : '==' }} {{ a.addr }} {%+ endfor -%}
  15 {%+ if (redirect.daddrs_pos): -%}
  16         {{ fw4.ipproto(redirect.family) }} daddr {{ fw4.set(redirect.daddrs_pos) }} {%+ endif -%}
  17 {%+ if (redirect.daddrs_neg): -%}
  18         {{ fw4.ipproto(redirect.family) }} daddr != {{ fw4.set(redirect.daddrs_neg) }} {%+ endif -%}
  19 {%+ for (let a in redirect.daddrs_masked): -%}
  20         {{ fw4.ipproto(redirect.family) }} daddr & {{ a.mask }} {{ a.invert ? '!=' : '==' }} {{ a.addr }} {%+ endfor -%}
  21 {%+ if (redirect.sports_pos): -%}
  22         {{ redirect.proto.name }} sport {{ fw4.set(redirect.sports_pos) }} {%+ endif -%}
  23 {%+ if (redirect.sports_neg): -%}
  24         {{ redirect.proto.name }} sport != {{ fw4.set(redirect.sports_neg) }} {%+ endif -%}
  25 {%+ if (redirect.dports_pos): -%}
  26         {{ redirect.proto.name }} dport {{ fw4.set(redirect.dports_pos) }} {%+ endif -%}
  27 {%+ if (redirect.dports_neg): -%}
  28         {{ redirect.proto.name }} dport != {{ fw4.set(redirect.dports_neg) }} {%+ endif -%}
  29 {%+ if (redirect.smacs_pos): -%}
  30         ether saddr {{ fw4.set(redirect.smacs_pos) }} {%+ endif -%}
  31 {%+ if (redirect.smacs_neg): -%}
  32         ether saddr != {{ fw4.set(redirect.smacs_neg) }} {%+ endif -%}
  33 {%+ if (redirect.helper): -%}
  34         ct helper{% if (redirect.helper.invert): %} !={% endif %} {{ fw4.quote(redirect.helper.name, true) }} {%+ endif -%}
  35 {%+ if (redirect.limit): -%}
  36         limit rate {{ redirect.limit.rate }}/{{ redirect.limit.unit }}
  37         {%- if (redirect.limit_burst): %} burst {{ redirect.limit_burst }} packets{% endif %} {%+ endif -%}
  38 {%+ if (redirect.start_date && redirect.stop_date): -%}
  39         meta time {{ fw4.datestamp(redirect.start_date) }}-{{ fw4.datestamp(redirect.stop_date) }} {%+
  40    elif (redirect.start_date): -%}
  41         meta time >= {{ fw4.datestamp(redirect.start_date) }} {%+
  42    elif (redirect.stop_date): -%}
  43         meta time <= {{ fw4.datestamp(redirect.stop_date) }} {%+
  44    endif -%}
  45 {%+ if (redirect.start_time && redirect.stop_time): -%}
  46         meta hour {{ fw4.time(redirect.start_time) }}-{{ fw4.time(redirect.stop_time) }} {%+
  47    elif (redirect.start_time): -%}
  48         meta hour >= {{ fw4.time(redirect.start_time) }} {%+
  49    elif (redirect.stop_time): -%}
  50         meta hour <= {{ fw4.time(redirect.stop_time) }} {%+
  51    endif -%}
  52 {%+ if (redirect.weekdays): -%}
  53         meta day{% if (redirect.weekdays.invert): %} !={% endif %} {{ fw4.set(redirect.weekdays.days) }} {%+ endif -%}
  54 {%+ if (redirect.mark && redirect.mark.mask < 0xFFFFFFFF): -%}
  55         meta mark and {{ fw4.hex(redirect.mark.mask) }} {{
  56                 redirect.mark.invert ? '!=' : '=='
  57         }} {{ fw4.hex(redirect.mark.mark) }} {%+ endif -%}
  58 {%+ if (redirect.mark && redirect.mark.mask == 0xFFFFFFFF): -%}
  59         meta mark{% if (redirect.mark.invert): %} !={% endif %} {{ fw4.hex(redirect.mark.mark) }} {%+ endif -%}
  60 {%+ if (redirect.ipset): -%}
  61         {{ fw4.concat(redirect.ipset.fields) }}{{
  62                 redirect.ipset.invert ? ' !=' : ''
  63         }} @{{ redirect.ipset.name }} {%+ endif -%}
  64 {%+ if (redirect.counter): -%}
  65         counter {%+ endif -%}
  66 {% if (redirect.target == "redirect"): -%}
  67         redirect{% if (redirect.rport): %} to {{ fw4.port(redirect.rport) }}{% endif %}
  68 {%- elif (redirect.target == "accept" || redirect.target == "masquerade"): -%}
  69         {{ redirect.target }}
  70 {%- else -%}
  71         {{ redirect.target }} {{ redirect.raddr ? fw4.host(redirect.raddr, redirect.rport != null) : '' }}
  72         {%- if (redirect.rport): %}:{{ fw4.port(redirect.rport) }}{% endif %}
  73 {% endif %} comment {{ fw4.quote(`!fw4: ${redirect.name}`, true) }}